Building a livecd with Debian Live
wtf would you want to do that
- Fucking capslock
- All the tools I need preinstalled
- .bashrc, .emacs, etc.
- Make a dropbox out of anything that can boot from CD.
Debian Live overview
Real documentation is at http://live.debian.net/ - this is just an overview.
# mkdir livecd; cd livecd
# lb config
# lb build
This results in a directory tree like this:
# ls -1F
auto/
binary/
binary-hybrid.iso
binary.list
binary.packages
build.log
cache/
chroot/
chroot.packages.install
chroot.packages.live
config/
- binary is the livecd filesystem, containing e.g. the syslinux bootloader and the squashfs with your livecd chroot on it.
- binary-hybrid.iso is the resulting ISO file that you can burn to disc or copy with dd to a USB drive.
- chroot will become / when you boot into your livecd.
- cache is a temporary directory that contains stuff like downloaded packages. (If you're not doing anything too complicated, it can be useful to symlink cache/packages_chroot to
Debian Live configuration
And the config directory is where you'll spend most of your time:
# ls -1F config
archives/
binary
binary_debian-installer/
binary_debian-installer-includes/
binary_grub/
binary_rootfs/
binary_syslinux/
bootstrap
chroot
chroot_apt/
chroot_local-patches/
common
hooks/
includes/
includes.binary/
includes.chroot/
package-lists/
packages/
packages.binary/
packages.chroot/
preseed/
source
task-lists/
templates/
Customization
- Files from config/includes.chroot are copied directly into the livecd filesystem.
- Files in config/hooks/*.<STAGE> are executed at <STAGE>, where stages include at least chroot and binary.
- config/includes.chroot/etc/rc.local is a good catch-all for stuff that needs to be run at each boot as well.
- config/packages.chroot should contain a list of packages you wish to install.
- In my rc.local I run a script that updates the git repository containing my bashrc and other dotfiles.
- Capslock is control: config/includes.chroot/etc/default/keyboard (details in man 5 keyboard)
Customization: custom CA certificate
- Make sure you install the ca-certificates package (in the livecd).
- Add your custom certificate to config/includes.chroot/usr/local/share/ca-certificates/.
- Create a chroot hook to run update-ca-certificates -f.
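The three steps above as one script, run from the build directory. This is an added example, not the author's own code: the function name stage_custom_ca and the file names custom-ca.list.chroot (under config/package-lists/) and update-ca.chroot are assumptions. It also enforces what update-ca-certificates expects of local certificates: PEM encoding and a .crt suffix.

```shell
#!/bin/sh
# Added example: stage a custom CA into a Debian Live config tree.
# Hypothetical names: stage_custom_ca, custom-ca.list.chroot, update-ca.chroot.

stage_custom_ca() {
    cert=$1                      # path to the CA certificate
    root=${2:-.}                 # live-build directory, defaults to cwd
    dest="$root/config/includes.chroot/usr/local/share/ca-certificates"

    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # update-ca-certificates expects PEM; reject DER or anything else
    # that lacks a PEM certificate header.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert is not PEM encoded" >&2; return 2; }

    # Only files ending in .crt are picked up, so force that suffix.
    name=$(basename "$cert")
    name="${name%.*}.crt"

    mkdir -p "$dest" "$root/config/hooks" "$root/config/package-lists"
    cp "$cert" "$dest/$name"
    chmod 644 "$dest/$name"

    # Step 1: ca-certificates must be installed in the live system.
    # Appending is idempotent: the line is added only if it is missing.
    list="$root/config/package-lists/custom-ca.list.chroot"
    grep -qx 'ca-certificates' "$list" 2>/dev/null ||
        echo 'ca-certificates' >> "$list"

    # Step 3: chroot hook that rebuilds the trust store inside the image.
    hook="$root/config/hooks/update-ca.chroot"
    printf '%s\n' '#!/bin/sh' 'set -e' 'update-ca-certificates -f' > "$hook"
    chmod 755 "$hook"

    # Report where the certificate was staged.
    echo "$dest/$name"
}
```

Call it as stage_custom_ca /path/to/my-ca.pem before lb build; a non-zero return means nothing was staged.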
Customization: add a user
I have a users.chroot hook that does this for me.
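#!/bin/sh
# users.chroot: runs inside the chroot while the image is built.

# SHA-512 crypt hash ($6$), not the plaintext. It lands in the image's
# /etc/shadow, so anyone holding the ISO can attack it offline.
password='$6$Ww6QA/nwY$7ngMEfWsOMoApkBXY1itmxQWDSFYjZpgIR1tl8M1xiBHOGHtiy1TxkTxcZVC1tw6lz4QrDMwwgUn9llxYAtkK/'
groupadd --gid 999 jessica
groupadd --gid 998 basicallyroot
umask 077
useradd --home-dir /home/jessica \
    --create-home \
    --skel /etc/skel-jessica \
    --shell /bin/bash \
    --uid 999 \
    --no-user-group \
    --gid 999 \
    --groups sudo,basicallyroot \
    --password "$password" \
    jessica
chmod 700 ~jessica
# Clone the dotfiles over HTTPS, then point origin at the SSH URL.
su jessica -c 'cd ~; umask 077; git clone https://younix.us/cgit/cgit.cgi/dhd.git/ .dhd'
# git config has to run inside the clone; the hook's own cwd is not a repository.
su jessica -c 'cd ~/.dhd; git config remote.origin.url mrled@h.younix.us:~/opt/rcs/dhd.git'
# Members of basicallyroot get passwordless sudo for everything.
echo "%basicallyroot ALL=NOPASSWD: ALL" > /etc/sudoers.d/basicallyroot
chmod 440 /etc/sudoers.d/basicallyroot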
Customization: third party APT repositories
- I have Tor and Clonezilla on mine. This is also how you'd add LaunchPad PPA repositories (using this information). (Note that installing PPAs on Debian isn't recommended but it can be useful anyway.)
- You have to run apt-get update; apt-get --yes install <PACKAGE> yourself, because chroot hooks like this one run after the packages from your package list get installed.
Customization: backdoors and reverse connections
Remote access behind a firewall.